[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Access List Example



I believe they are the same. (Someone correct me if I'm wrong)

Matt

On Thu, 2003-05-29 at 07:20, Leone, Todd wrote:
> Thanks, for your assistance.
> Everythings working great..
> 
> One other question.  I'm using the attr with multiple attributes
> And it works great, but I noticed that there's also a attrs and I
> Was wondering if there's any difference between the two, maybe
> Better performance?
> 
> Thanks 
> 
> Todd M. Leone
> Admin. Computing Services
> University of Utah
> tleone@acs.utah.edu
> 801-585-0423
> 
> 
> -----Original Message-----
> From: M Butcher [mailto:mbutcher@grcomputing.net] 
> Sent: Wednesday, May 28, 2003 2:50 PM
> To: Leone, Todd
> Cc: openldap-software@OpenLDAP.org
> Subject: Re: Access List Example
> 
> 
> Here's an example of restricting access to general users, while allowing
> the admin group (well, role, actually) to see them.
> 
> access to attr=description
>     by dn="cn=Manager,dc=mycompany,dc=com" write
>     by
> group/organizationalRole/roleOccupant="cn=Administrators,dc=mycompany,dc
> =com" write
>     by * none
> 
> The second 'by' specifies that "organizationalRole" is to be treated
> like a group, and that group members are specified with "roleOccupant."
> 
> So, anyone listed as a roleOccupant in
> "cn=Administrators,dc=mycompany,dc=com" will be given write access to
> the description field.
> 
> There is more info somewhere in the Faq-O-Matic at openldap.org, I
> think.
> 
> Matt
> 
> On Wed, 2003-05-28 at 13:59, Leone, Todd wrote:
> > List,
> > I've been fighting with this all day and hopefully someone will share
> > An example of their access list in regards to the following:
> > 
> > Based upon group membership, display multiple attributes..
> > For example:
> > Uid=test,ou=people,o=suffix is in group employees
> > 
> > So if test binds and searches, sn=smith 
> > The results will display employeeNumber, workphone, etc...
> > 
> > But is someone else searches who's not in group employees
> > employeeNumber, workphone will not be displayed....
> > 
> > 
> > Any examples will be greatly 
> > Appreciated
> > 
> > 
> > Todd Leone
> > University of Utah
-- 
M Butcher <mbutcher@grcomputing.net>